[Xymon] Web UI security - how to implement access filter per group/host
Andrey Chervonets
A.Chervonets at cominder.eu
Mon Apr 29 08:54:01 CEST 2013
Good day!
Now web-page is protected at web-server (Apache) level only.
I see we can protect exact directory and may be file/script like:
http://host:port/xymon/p_cominder/p_cominder.html
so we can allow some users see only some group pages.
But this does not protect direct metric links like:
http://host:port/xymon-cgi/svcstatus.sh?HOST=miminos.cominder.eu&SERVICE=disk
if I know other (not my) host name I can get this information event I am
not in group of that host.
And also at non-green Systems report user see ALL non-green hosts
http://host:port/xymon/nongreen.html
Question:
Does XyMon team have plans to implement groups/pages protection?
Or may be somebody know how to protect it with current version?
At present moment the only idea I see to have XyMon web UI as backgroud
service
and have foreground application with it's own authorisation - which will
then request background XyMon service/web-page,
filter out only what is required and return results to end user based on
user's permissions and groups.
It will take time, but I can write such application. But, as result we
have 2 applications instead of one.
May be there is more simple solution?
Best regards,
Andrey Chervonets
----------------------
SIA CoMinder
http://www.cominder.eu/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20130429/152f551b/attachment.html>
More information about the Xymon
mailing list